The Hacker News — Cyber Security, Hacking, Technology News

WikiLeaks has just published a new batch of the ongoing Vault 7 leak, this time detailing an alleged CIA project that allowed the agency to hack and remotely spy on computers running the Linux operating system.

Dubbed OutlawCountry, the project allows CIA hackers to redirect all outbound network traffic from the targeted computer to CIA-controlled systems for data exfiltration and infiltration.

The OutlawCountry Linux hacking tool consists of a kernel module, which the CIA hackers load via shell access to the targeted system; the module creates a hidden Netfilter table with an obscure name on the target Linux machine.

"The new table allows certain rules to be created using the 'iptables' command. These rules take precedence over existing rules, and are only visible to an administrator if the table name is known. When the Operator removes the kernel module, the new table is also removed," the CIA's leaked user manual reads.

Although the document does not describe the installation and persistence method of the OutlawCountry tool in detail, it appears that the CIA hackers rely on existing CIA exploits and backdoors to load the kernel module onto a targeted Linux system.

However, the tool has some limitations; for example, the kernel module only works with compatible Linux kernels.

"OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain," WikiLeaks says.
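A defender's counterpart to the description above, as an added example that is not code from the leaked manual, the article, or WikiLeaks: a plain `iptables -L` only reads the filter table, so a table with an unfamiliar name is never shown unless someone asks for it by name. The check below reads the kernel's list of registered IPv4 tables from /proc/net/ip_tables_names, flags any name outside the five standard tables, and dumps that table's PREROUTING chain, which is where the quoted text says the covert DNAT rules go. It assumes the module registers its table through the usual Netfilter API, so the name does appear in that proc file; the table name in the constructed sample is a placeholder, not the name the tool used.

```shell
#!/bin/sh
# Added example for the OutlawCountry article; not code from the leaked
# manual or from WikiLeaks. Lists iptables tables registered with the
# kernel that are not among the standard five and dumps the PREROUTING
# chain of each, so unexpected DNAT rules can be reviewed.
# Assumption: the module registers its table through the normal Netfilter
# API, so the name shows up in /proc/net/ip_tables_names even though a
# plain "iptables -L" (filter table only) never lists it.

KNOWN_TABLES="filter nat mangle raw security"

# unknown_tables: reads table names one per line from stdin and prints
# the ones not listed in KNOWN_TABLES. Always returns 0 so it is safe
# to call under "set -e".
unknown_tables() {
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        known=0
        for k in $KNOWN_TABLES; do
            if [ "$name" = "$k" ]; then
                known=1
            fi
        done
        if [ "$known" -eq 0 ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# check_live: runs the check against the running kernel. Reading rules
# needs root; if ip_tables is not loaded the proc file is absent and
# nothing is printed.
check_live() {
    [ -r /proc/net/ip_tables_names ] || return 0
    unknown_tables < /proc/net/ip_tables_names | while IFS= read -r t; do
        printf '== unexpected iptables table: %s ==\n' "$t"
        # -S prints the chain in iptables-save syntax; a DNAT rule shows
        # up as "-j DNAT --to-destination ...".
        iptables -t "$t" -S PREROUTING 2>/dev/null || true
    done
    return 0
}

# Constructed sample standing in for /proc/net/ip_tables_names on a host
# where one extra table has been registered (placeholder name).
SAMPLE_TABLES='nat
filter
mangle
example_hidden_tbl'

if [ "${1:-}" = "--live" ]; then
    check_live
else
    printf '%s\n' "$SAMPLE_TABLES" | unknown_tables
fi
```

Run it with `--live` as root on the host being examined; without arguments it processes the constructed sample and prints `example_hidden_tbl`. Because the leaked text says the table disappears when the module is unloaded, the same review should also cover the loaded module list (`lsmod` or /proc/modules) and compare it against the modules shipped for the running kernel; a table that appears and vanishes together with an unfamiliar module is the pattern the manual describes.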

Previous Vault 7 CIA Leaks

Dubbed ELSA, the malware captures the IDs of nearby public hotspots and then matches them against a global database of public Wi-Fi hotspot locations.

Since March, the whistleblowing group has published 14 batches of the "Vault 7" series, including this week's and last week's leaks, along with the following batches:

Brutal Kangaroo – a CIA tool suite for Microsoft Windows that targets closed networks or air-gapped computers within an enterprise or organization without requiring any direct access.

Cherry Blossom – a CIA framework, generally a remotely controllable firmware-based implant, used for monitoring the Internet activity of target systems by exploiting flaws in WiFi devices.

Pandemic – a CIA project that allowed the spying agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network.

Athena – the agency's spyware framework, designed to take full remote control over infected Windows machines, which works with every version of Microsoft Windows from Windows XP to Windows 10.

AfterMidnight and Assassin – two apparent CIA malware frameworks for the Microsoft Windows platform, meant to monitor and report back actions on the infected remote host and execute malicious code.

Archimedes – a man-in-the-middle attack tool allegedly built by the spying agency to target computers inside a Local Area Network (LAN).

Scribbles – a piece of software reportedly designed to embed 'web beacons' into confidential documents, allowing CIA hackers to track insiders and whistleblowers.

Grasshopper – a framework that allowed the CIA to easily create custom malware for breaking into Microsoft Windows and bypassing antivirus protection.

Marble – the source code of a secret anti-forensic framework, primarily an obfuscator or packer used by the spying agency to hide the actual source of its malware.

Dark Matter – hacking exploits the agency designed and used to target iPhones and Mac machines.

Weeping Angel – a spying tool used by the CIA to infiltrate smart TVs, transforming them into covert microphones in the target's pocket.

Remember the largest hack on Sony Pictures Entertainment late last year? Well, nobody can forget it. But let me remind you once again:

The Sony Pictures Entertainment hack was one of the most devastating hacks in history; it leaked several hundred gigabytes of sensitive data, including high-quality versions of five unreleased movies, celebrity phone numbers and their travel aliases, private information about its employees, upcoming film scripts, film budgets and much more.

Now, this large trove of hacked Sony data has been republished by WikiLeaks.

THE SONY ARCHIVES

WikiLeaks on Thursday released "The Sony Archives," a fully searchable online database containing more than 30,000 documents and 173,132 emails that, it claims, were stolen in last year's Sony Pictures hack, in what proved a devastating and embarrassing security failure for the studio.

It is as if whistleblower Julian Assange has hit a nerve:

The massive hack has already cost the entertainment giant more than $100 million, and at the very time the company hoped the dust had settled on last year's Holocaust…

...WikiLeaks – best known for revealing classified government and military documents – republished hundreds of thousands of emails, documents, and other sensitive information in a "fully searchable" format.

Julian Assange – "The documents deserve to be easily accessible."

"This archive shows the inner workings of an influential multinational corporation," WikiLeaks editor-in-chief Julian Assange said in a statement issued on Thursday. "It is newsworthy and at the center of a geo-political conflict. It belongs in the public domain. WikiLeaks will ensure it stays there."

Julian Assange's website also claimed that…

...the documents it published also show Sony's close ties to the United States Democratic Party and its efforts to collect 'intelligence' on rival studios, including Oliver Stone's latest movie about former NSA contractor Edward Snowden.

According to WikiLeaks, The Sony Archives detail email exchanges between Sony Pictures Entertainment and the White House, with nearly "100 US government email addresses" appearing in the published database.

"The work publicly known from Sony is to produce entertainment," WikiLeaks said. "However, the Sony Archives show that behind the scenes this is an influential corporation, with ties to the White House, with an ability to impact laws and policies, and with connections to the US military-industrial complex."

The Sony Pictures Entertainment hack was the result of the satirical movie "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un.

The hackers who call themselves the "Guardians of Peace" were apparently trying to prevent the release of The Interview. The FBI traced the hackers to North Korea.

The whistleblowing website WikiLeaks is, from tonight, releasing more than 100 U.S. Defense Department files detailing military detention policies in camps in Iraq and at Guantanamo Bay in the years after the September 11 attacks on U.S. targets, under the title "The Detainee Policies".

In a statement, WikiLeaks criticized regulations it said had led to abuse and impunity and urged human rights activists to use the documents to research what it called policies of unaccountability. WikiLeaks says it plans to release the files in chronological order to paint a picture of the evolution of America’s military detainee practices.

WikiLeaks founder Julian Assange said: "The 'Detainee Policies' show the anatomy of the beast that is post-9/11 detention, the carving out of a dark space where law and rights do not apply, where persons can be detained without a trace at the convenience of the U.S. Department of Defense. It shows the excesses of the early days of war against an unknown 'enemy' and how these policies matured and evolved, ultimately deriving into the permanent state of exception that the United States now finds itself in, a decade later."

In January, U.N. human rights chief Navi Pillay said the United States was still flouting international law at Guantanamo Bay by arbitrarily and indefinitely detaining individuals. Almost 3,000 people were killed in 2001 when militants from Osama bin Laden's al Qaeda flew hijacked airliners into the World Trade Center towers in New York, the Pentagon and a field in Pennsylvania, Reuters reported.

WikiLeaks said a number of documents it was releasing related to interrogation of detainees, and these showed direct physical violence was prohibited. But it added the documents showed "a formal policy of terrorizing detainees during interrogations, combined with a policy of destroying interrogation recordings, has led to abuse and impunity."

According to Forbes, WikiLeaks' latest publication breaks with its two previous releases of 2012, from the private intelligence firm Stratfor and the Syrian government, both of which consisted of millions of hacked emails rather than a small collection of leaked documents. Just how WikiLeaks obtained the new documents isn't clear: its anonymous submission system has been down for more than two years, with no new conduit for secure document leaks in sight.